6 Two-Factor Authentication

- Authentication based on two credentials of different kinds; both must be approved
- E.g. ATM card (something you have) & PIN (something you know)
- Not username/password (both are something you know)
- One-time passwords for sensitive transactions
- Great scope in nature and interaction of two factors
- Two- and multi-factor authentication have many future applications, e.g. fraud-resistant train tickets, electronic voting, and exams
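An added example (not from the original slides) of the rule above: a login succeeds only when one "know" factor and one "have" factor are both approved, and each one-time password is accepted once. The enrolment record, PIN and factor names are constructed for illustration; the token code uses the standard HOTP/TOTP construction (RFC 4226/6238).

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def new_user() -> dict:
    """Constructed enrolment record: a PIN (know) and a token secret (have)."""
    salt = b"constructed-salt"
    return {"salt": salt, "pin": pin_hash("4821", salt),
            "secret": b"12345678901234567890", "last_counter": -1}

def check_know(user: dict, pin: str, now: int) -> bool:
    return hmac.compare_digest(pin_hash(pin, user["salt"]), user["pin"])

def check_have(user: dict, code: str, now: int, step: int = 30) -> bool:
    """Accept the current or previous time step, and each code only once."""
    for counter in (now // step, now // step - 1):
        if counter > user["last_counter"] and hmac.compare_digest(
                hotp(user["secret"], counter).encode(), code.encode()):
            user["last_counter"] = counter  # burn the code: no replay
            return True
    return False

CHECKS = {"know": check_know, "have": check_have}

def authenticate(user: dict, presented: list, now: int) -> bool:
    """presented is a list of (factor_kind, value) pairs."""
    kinds = [kind for kind, _ in presented]
    # Two credentials of the same kind (e.g. username/password) are not 2FA.
    if sorted(kinds) != ["have", "know"]:
        return False
    # Evaluate every factor; both must be approved.
    results = [CHECKS[kind](user, value, now) for kind, value in presented]
    return all(results)
```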

7 Role-Based Access Control

- Systems that control access to resources based on subject's role, not their identity
- E.g. company access policies
- E.g. role-based
- Offers better change management: only role attributes need to be updated; existing credentials then bind to new role
- Different roles may serve as different personas
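An added example (not from the original slides) of the change-management point: the credential binds a subject to a role name only, and permissions are resolved from the role at decision time, so updating the role changes access without reissuing credentials. The key, role names, policy and credential format are constructed for illustration.

```python
import hashlib
import hmac

ISSUER_KEY = b"constructed-demo-key"  # constructed; a real issuer keeps this secret

# Constructed policy: role -> set of (resource, action) pairs.
ROLE_PERMISSIONS = {
    "nurse": {("patient-record", "read")},
    "auditor": {("audit-log", "read")},
}

def _tag(body: str) -> str:
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_credential(subject: str, role: str) -> str:
    """Bind a subject to a role name; no permissions are stored in it."""
    if "|" in subject or "|" in role:
        raise ValueError("separator not allowed in subject or role")
    body = f"{subject}|{role}"
    return f"{body}|{_tag(body)}"

def role_of(credential: str):
    """Return the role if the credential is authentic, else None."""
    parts = credential.split("|")
    if len(parts) != 3:
        return None
    subject, role, tag = parts
    expected = _tag(f"{subject}|{role}")
    return role if hmac.compare_digest(expected.encode(), tag.encode()) else None

def is_allowed(credential: str, resource: str, action: str) -> bool:
    """Permissions are looked up from the role at decision time."""
    role = role_of(credential)
    return role is not None and (resource, action) in ROLE_PERMISSIONS.get(role, set())
```

Adding `("patient-record", "write")` to the `nurse` role makes every already-issued nurse credential pass the write check, while a credential whose role field was edited fails the integrity check.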

8 Digital Rights Management Systems (DRM)

- Framework for controlling circumstances under which digital resource can be used
- Possibly dependent on usage history but independent of usage location
- E.g. FairPlay (iTunes), Zone Codes for DVDs
- Of considerable interest for military and public sector, e.g. citizen-centric DRMs
- Consumers need to see cost/benefit value in being under such contextual usage control

15 Regionally/Globally Unique Identifiers

- Means of identifying subjects or resources uniquely within a region, or globally
- E.g. Oyster Card, Radio Frequency Identification Device (RFID), Universally Unique Identifier (UUID), The Digital Object Identifier System (DOI)
- Public perception and trust issues
- Open standards and solutions (e.g. UUIDs) can be used within IMSs
- DRMs to control use of Unique Identifiers, e.g. National Insurance Card?

17 Not So Pie-in-the-Sky Technologies

- Sensory Networks: heterogeneous, ubiquitous tracking of activities
- E.g. as in The Times (online), 16 January 2008:

  The Times has seen a patent application filed by the company for a computer system that links workers to their computers via wireless sensors that measure their metabolism. [...] Microsoft submitted a patent application in the US for a "unique monitoring system" that could link workers to their computers. Wireless sensors could read "heart rate, galvanic skin response, EMG, brain signals, respiration rate, body temperature, movement, facial movements, facial expressions and blood pressure", the application states.
